GWN7000 and blocking access to an IP on another network


#1

Hello,
I have a use case where I have devices on a network that need to access a server (Server A) on a different network (which is working). The customer is preparing to migrate to a new server (Server B) but they do not want the devices to access that server until it is ready.

Devices - 192.168.10.0/24
Server A - 192.168.1.10
Server B - 192.168.1.11

I have tried to set an inbound rule to block access to Server B’s IP but that does not work (devices can still access Server B). Oddly if I set the rule to block the network’s gateway IP 192.168.1.1 the devices in the 192.168.10.0/24 network cannot access 192.168.1.1.

Does this scenario just not work with a GWN7000?

I have done this many times with pfSense/OPNsense/Unifi with no issues.

Also it would be nice to create Aliases and have multiple IPs in the Alias to block access, but I will take what I can get :)


#2

It might help if you can post a screenshot or describe the mechanism that you used to try and block the client.

The GWN in use is pretty outdated and has even been removed from the product listings. It has not received any updates in years, so comparing or hoping that something might be changed to accommodate is pretty much hopeless.

You might be better off seeing if you can use the server’s firewall instead.


#3

I tried to do the block in Firewall -> Traffic Rules -> Input

IP Family - Any
Source Group - Badges
Protocol - All
Destination IP - 192.168.1.11

I then connected to the SSID that has the VLAN for the Badges network with my laptop and I can ping the 192.168.1.11 server. If I change 192.168.1.11 to 192.168.1.1 (the gateway) my pings stop.

Thanks!


#4

Try doing a block on an ICMP request as well to see if you can control that aspect. My first thought was that the LAN/WLAN were trusted networks and the firewall would only react to WAN traffic in/out, but reading the manual, it should also be able to do what you seek.

Not sure how the other computer that you are trying to block accesses the server in question, but you could also try to be more specific such as with RDP or other.


#5

I tried ICMP and it still doesn't block.

I also tried 443, which is what the Server’s web GUI uses, and I could still access the web GUI.

It seems like this just won't work.

I do have a test unit for the 7062 coming soon. I will see if it works there. Good thing is that I can swap it for another router for now as their setup is pretty basic (only a few VLANs).

I wish Grandstream was still working on the GWN7000 as I have installed quite a few out there and they really do work great.

I did open a case with Grandstream regarding this and I will reply here to let everyone know if it is capable of doing this.

Thanks!


#6

I have switched gears and moved to a GWN7062 so I am not sure if this is the same on the GWN7000 but you will need to configure this type of rule in the GWN7062:

Firewall -> Traffic Rules -> Forwarding Rules

Works perfectly!
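
Added example, not part of the thread and not Grandstream's code: a small Python model of the input/forward split used by netfilter-style firewalls, which is assumed here (the page does not confirm it) to be how the GWN traffic rules behave. It reproduces what posts #3 and #6 report; the client address, the router's 192.168.10.1 address and the helper names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses from the thread; the router's address on the Badges VLAN
# (192.168.10.1) is an assumption.
ROUTER_ADDRS = {ip_address("192.168.1.1"), ip_address("192.168.10.1")}
BADGES = ip_network("192.168.10.0/24")
CLIENT = "192.168.10.50"  # constructed test client on the Badges network


def chain_for(dst):
    """input = packet addressed to the router itself; forward = routed through it."""
    return "input" if ip_address(dst) in ROUTER_ADDRS else "forward"


def block(chain, dst):
    """Hypothetical helper: a drop rule for Badges -> dst on the given chain."""
    return {"chain": chain, "src": BADGES, "dst": ip_network(dst)}


def verdict(rules, src, dst):
    """A drop rule only matches in the chain the packet traverses; default is accept."""
    chain = chain_for(dst)
    for rule in rules:
        if (rule["chain"] == chain
                and ip_address(src) in rule["src"]
                and ip_address(dst) in rule["dst"]):
            return "drop"
    return "accept"


if __name__ == "__main__":
    cases = [
        ("input rule on Server B", [block("input", "192.168.1.11")]),
        ("input rule on gateway", [block("input", "192.168.1.1")]),
        ("forward rule on Server B", [block("forward", "192.168.1.11")]),
    ]
    for label, rules in cases:
        for dst in ("192.168.1.1", "192.168.1.10", "192.168.1.11"):
            print(f"{label:26} {CLIENT} -> {dst:13} {verdict(rules, CLIENT, dst)}")
```

In this model an Input rule for 192.168.1.11 never matches because that traffic is routed, not delivered to the router, while the same rule on the forward chain drops it and leaves Server A reachable.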